Bug #49557 Assign $_SESSION to an empty array doesn't work
Submitted: 2009-09-15 02:56 UTC Modified: 2009-09-16 12:12 UTC
From: maxtjh at hotmail dot com Assigned:
Status: Not a bug Package: Session related
PHP Version: 5.2.10 OS: Windows XP SP2
Private report: No CVE-ID: None

 [2009-09-15 02:56 UTC] maxtjh at hotmail dot com
Description:
------------
Output for Test.php

Current SID: 1e2rcu3s63pv5r0m0omuckmmc6
$_SESSION => array(0) { }
--------------------------------------


Output for Test.php?set=1

Current SID: 1e2rcu3s63pv5r0m0omuckmmc6
Session has been set with 'a' and 'b'
$_SESSION => array(2) { ["a"]=> string(3) "aaa" ["b"]=> string(3) "bbb" }
--------------------------------------


Output for Test.php?reset=1

Current SID: 1e2rcu3s63pv5r0m0omuckmmc6
Session has been set with empty array and new SID is regenerated.
New sid: hathl18bl00gedoqeia2q6dq36
$_SESSION => array(0) { }
--------------------------------------

After going through these 3 URLs, $_SESSION should be equal to an empty array before regenerating a new session id.

But it goes wrong here:
Change the current session id (hathl18bl00gedoqeia2q6dq36) to the old session id (1e2rcu3s63pv5r0m0omuckmmc6) in the cookie and enter Test.php without any GET method.

$_SESSION should be an empty array but it shows this:

Current SID: 1e2rcu3s63pv5r0m0omuckmmc6
$_SESSION => array(2) { ["a"]=> string(3) "aaa" ["b"]=> string(3) "bbb" }

Reproduce code:
---------------
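<?php
// Test.php: resume (or create) the session for the SID sent in the cookie.
session_start();
echo 'Current SID: '.session_id().'<br/>';

// Test.php?set=1: store two values in the session.
if(isset($_GET['set']))
{	$_SESSION=array('a'=>'aaa','b'=>'bbb');
	echo 'Session has been set with \'a\' and \'b\''.'<br/>';
}

// Test.php?reset=1: empty the session, then switch to a new SID.
// Called without the optional parameter, as in the report.
if(isset($_GET['reset']))
{	$_SESSION=array();
	session_regenerate_id();
	echo 'Session has been set with empty array and new SID is regenerated.'.'<br/>';
	echo 'New sid: '.session_id().'<br/>';
}

echo '$_SESSION => ';
// var_dump() prints directly and returns nothing, so it is not echoed.
var_dump($_SESSION);
echo '<br/>';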

Expected result:
----------------
Current SID: 1e2rcu3s63pv5r0m0omuckmmc6
$_SESSION => array(0) { }

Actual result:
--------------
Current SID: 1e2rcu3s63pv5r0m0omuckmmc6
$_SESSION => array(2) { ["a"]=> string(3) "aaa" ["b"]=> string(3) "bbb" }

History

 [2009-09-16 12:12 UTC] jani@php.net
session_regenerate_id() does not destroy the session. RTFM: 
http://php.net/session_regenerate_id and notice the optional parameter.
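
The optional parameter mentioned in the reply, shown as an added example that is not code from the bug report or from the PHP project: it replays the report's set/reset sequence and checks whether the record stored under the old SID still exists afterwards (its existence, not its contents). It assumes the PHP CLI (7.1 or later) with the default "files" save handler; the function name `oldSessionSurvives` is hypothetical.

```php
<?php
// Added example, not code from the bug report. Assumes the PHP CLI (7.1+)
// and the default "files" save handler; the function name is hypothetical.
ini_set('session.use_cookies', '0');     // CLI run: no cookie header to send
ini_set('session.cache_limiter', '');    // no cache headers either
ini_set('session.use_strict_mode', '0'); // allow re-opening a chosen SID
ini_set('session.save_path', sys_get_temp_dir());

/**
 * Replays the report's set/reset sequence and reports whether the record
 * stored under the old SID still exists after the reset.
 */
function oldSessionSurvives(bool $deleteOld): bool
{
    // Test.php?set=1: create a session holding 'a' and 'b'.
    session_id(session_create_id());
    session_start();
    $oldSid = session_id();
    $_SESSION = ['a' => 'aaa', 'b' => 'bbb'];
    session_write_close();

    // Test.php?reset=1: same client, same SID.
    session_id($oldSid);
    session_start();
    $_SESSION = [];
    session_regenerate_id($deleteOld);   // the optional parameter
    $newSid = session_id();
    session_write_close();

    // What a client replaying the old cookie would reach.
    $dir = session_save_path();
    $survives = is_file("$dir/sess_$oldSid");

    // Clean up both constructed sessions.
    foreach ([$oldSid, $newSid] as $sid) {
        if (is_file("$dir/sess_$sid")) {
            unlink("$dir/sess_$sid");
        }
    }
    return $survives;
}

// Run both variants first, print afterwards, so no output precedes session calls.
$default = oldSessionSurvives(false);
$withDelete = oldSessionSurvives(true);
echo 'session_regenerate_id():     old SID ', $default ? 'still stored' : 'gone', PHP_EOL;
echo 'session_regenerate_id(true): old SID ', $withDelete ? 'still stored' : 'gone', PHP_EOL;
```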
 
Last updated: Sun Jul 06 11:02:27 2025 UTC